zeromq / libzmq

ZeroMQ core engine in C++, implements ZMTP/3.1
https://www.zeromq.org
Mozilla Public License 2.0

AddressSanitizer doesn't play nice w/libsodium #4237

Open bill-torpey opened 3 years ago

bill-torpey commented 3 years ago

When running unit tests under ASAN, I get the following:

        Start  78: test_security_curve
 78/122 Test  #78: test_security_curve ..............Child aborted***Exception:   0.02 sec

Running under debugger (ASAN is not able to create core files), I get:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7833859 in __GI_abort () at abort.c:79
#2  0x00007ffff7d8328a in ?? () from /lib/x86_64-linux-gnu/libsodium.so.23
#3  0x00007ffff7d9cf2d in sodium_malloc () from /lib/x86_64-linux-gnu/libsodium.so.23
#4  0x00007ffff7e70a65 in zmq::secure_allocator_t<unsigned char>::allocate (this=<optimized out>, n=96) at /home/btorpey/work/libzmq/master/src/src/secure_allocator.hpp:59
#5  std::allocator_traits<zmq::secure_allocator_t<unsigned char> >::allocate (__a=..., __n=96) at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:306
#6  std::_Vector_base<unsigned char, zmq::secure_allocator_t<unsigned char> >::_M_allocate (this=<optimized out>, __n=96) at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:343
#7  std::_Vector_base<unsigned char, zmq::secure_allocator_t<unsigned char> >::_M_create_storage (this=<optimized out>, __n=96) at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:358
#8  std::_Vector_base<unsigned char, zmq::secure_allocator_t<unsigned char> >::_Vector_base (this=<optimized out>, __n=96, __a=...) at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:302
#9  std::vector<unsigned char, zmq::secure_allocator_t<unsigned char> >::vector (this=<optimized out>, __n=96, __a=...) at /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:508
#10 zmq::curve_server_t::process_hello (this=0x61c000021080, msg_=<optimized out>) at /home/btorpey/work/libzmq/master/src/src/curve_server.cpp:184
#11 0x00007ffff7e70484 in zmq::curve_server_t::process_handshake_command (this=0x61c000021080, msg_=0x6100000000a8) at /home/btorpey/work/libzmq/master/src/src/curve_server.cpp:104
#12 0x00007ffff7ef050f in zmq::stream_engine_base_t::process_handshake_command (this=0x61c000020080, msg_=0x6100000000a8) at /home/btorpey/work/libzmq/master/src/src/stream_engine_base.cpp:491
#13 0x00007ffff7eed6c1 in zmq::stream_engine_base_t::in_event_internal (this=0x61c000020080) at /home/btorpey/work/libzmq/master/src/src/stream_engine_base.cpp:309
#14 0x00007ffff7e786b0 in zmq::epoll_t::loop (this=<optimized out>) at /home/btorpey/work/libzmq/master/src/src/epoll.cpp:206
#15 0x00007ffff7efb3b3 in thread_routine (arg_=<optimized out>) at /home/btorpey/work/libzmq/master/src/src/thread.cpp:257
#16 0x00007ffff7d5d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x00007ffff7930293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Presumably sodium_malloc is incompatible with ASAN. Because of this, we've started disabling libsodium (WITH_LIBSODIUM=Off) when building for ASAN.

My question is whether this is a reasonable solution, in which case I'll submit a PR; or whether another approach would be better.

Environment

bill-torpey commented 3 years ago

On further testing, it is not ASAN per se that causes the ABORT, but the fact that the project was built for release. (For whatever reason, debug builds do not ABORT).

The global variable page_size is never set -- the only place it is set is in _sodium_alloc_init, which is never called. (It is called from sodium_init in libsodium, but the sodium_init in tweetnacl.c hides the function in libsodium).

libsodium-bug

I'm not familiar with the security mechanism -- can someone please suggest the proper way to resolve this? Thanks!